*vh'ddlZddlZddlZdZdZGddeZGddZdZdd Z dd Z dZ dZ ddZ dS)Nz/etc/cagefs/cagefs.mpz/usr/sbin/cagefsctlceZdZdZdZdS)CagefsMpConflictc2d|dtd|d|_dS)NzConflict in adding 'z' to z5 because of pre-existing alternative specification: '')CAGEFS_MP_FILENAME_msg)selfnew_item existing_items T/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/subsys/clcagefs.py__init__zCagefsMpConflict.__init__s,xx+++]]] < c|jSN)rr s r __str__zCagefsMpConflict.__str__s yrN)__name__ __module__ __qualname__r rrr rrs2   rrceZdZdZdZdZdZdZdZe dZ dZ d Z d Z e d Ze d Ze d ZdZdZdZdS) CagefsMpItems@!%r!c|dddkr d|_dS|dkr d|_dS||_dS)zConstructor :param arg: Is either path to add to cagefs.mp or a raw line is read from cagefs.mp :param prefix: The same as adding prefix '!' to arg before passing it to ctorN#r) _path_specstrip)r args r r zCagefsMpItem.__init__#sI rr7d??"DOOO YY[[C  "DOOO!DOOOrc\|dkr|d|j|fz|_|S)z%Specify mode as in fluent constructor@Ns%s,%03o)prefixr)r modes r r#zCagefsMpItem.mode2s4 ;;==D T%5(DOT+BBDO rc4tj|jSr)osfsdecoderrs r rzCagefsMpItem.__str__:s{4?+++rc8|dkrdS|ddkr|dzS|S)Nr//r)paths r _add_slashzCagefsMpItem._add_slash=s. 3;;4 8w  $;  rcdt|}|s|rdSt|}t|}||S)NF)r_adoptis_dummyr,r+ startswith)r anotheradopted this_pathtest_preexist_in_paths r pre_exist_inzCagefsMpItem.pre_exist_inEs%%g.. ==?? g..00 5 ++DIIKK88 , 7 7  G G##$9:::rct|}|s|rdS||krdStjtjgi}g}||||vS)NFT)rr.r/r"_PREFIX_MOUNT_RW_PREFIX_MOUNT_ROget)r existingr2prefix_compatibility_map null_optionss r is_compatible_by_prefix_withz)CagefsMpItem.is_compatible_by_prefix_withPs%%h// ==?? g..00 5 ;;==GNN,, , ,4  )L,I+J$   {{}} 8 < < NN  l! !   rc|jduSrrrs r r/zCagefsMpItem.is_dummycs$&&rcNt|tr|St|Sr) isinstancer)xs r r.zCagefsMpItem._adoptfs% a & & #H?? "rc8|ddS)zjCut off mode from path spec like @/var/run/screen,777 Only one comma per path spec is allowed ;-),r)split path_specs r _cut_off_modezCagefsMpItem._cut_off_modems t$$Q''rc@|tjSr)lstripr PREFIX_LISTrFs r _cut_off_prefixzCagefsMpItem._cut_off_prefixus 8999rcptt|jSr)rrLrHrrs r r+zCagefsMpItem.pathys-++  & &t 7 7   rc^|j|kr|jddSdS)Nrrr)rr+rs r r"zCagefsMpItem.prefix~s- ?diikk ) )?1Q3' '3rc|jSrr?rs r speczCagefsMpItem.specs rN)rrrrKr7r8r r#r staticmethodr,r5r=r/r.rHrLr+r"rPrrr rrsK " " ",,,\ ; ; ;   &'''##\# ((\(::\:    rrcJtjtSr)r%r+existsCAGEFSCTL_TOOLrrr is_cagefs_presentrUs 7>>. ) ))rc|d}|d}tj|stj||tj||tj|||dS)Nr))r%r+isdirmkdirchmodchown)r+r#owner_idgroup_ids r _mk_mount_dir_setup_permr^sm 7==     tHT8X&&&&&rrTc t||||tjtst jtdgt jtdgttd} t||z | d|D} fd|D} | s| dd| dd }| d |d zd z| d z||rt jtd gn1 | dst% | d|dS#|wxYw)a  Add mount point to /etc/cagefs/cagefs.mp :param path: Directory path to be added in cagefs.mp and mounted from within setup_mount_dir_cagefs(). If this directory does not exist, then it is created. :param added_by: package or component, mount dir relates to, or whatever will stay in cagefs.mp with "# added by..." comment :param mode: If is not None: Regardless of whether directory exists or not prior this call, it's permissions will be set to mode. :param owner_id: Regardless of whether directory exists or not prior this call, it's owner id will be set to. If None, the owner won't be changed. :param group_id: Regardless of whether directory exists or not prior this call, it's group id will be set to. If None, the group won't be changed. :param prefix: Mount point prefix. Default is mount as RW. Pass '!' to add read-only mount point. Refer CageFS section at http://docs.cloudlinux.com/ for more options. :param remount_cagefs: If True, cagefs skeleton will be automatically remounted to apply changes. :returns: None Propagates native EnvironmentError if no CageFS installed or something else goes wrong. Raises CagefsMpConflict if path is already specified in cagefs.mp, but in a way which is opposite to mount_as_readonly param. z --create-mpz --check-mpzrb+c3>K|]}|VdSr)rstrip).0 file_lines r z)setup_mount_dir_cagefs..s.FFy ((**FFFFFFrc>g|]}||Sr)r5)rbrBr s r z*setup_mount_dir_cagefs..s<   x'<'>, - -97888O^\2333 '//I ..33D99FFIFFF     #     C NN1a  ''c22H OO+hoog.F.FFN    OOHMMOOe3 4 4 4 OO    C ABBB667G7KLL C"8-=b-ABB B  s D(GGcttd5}|cdddS#1swxYwYdS)Nrb)rnr readlines)fs r _get_cagefs_mp_linesr~s  $ ' '1{{}}s 7;;cttd5}||cdddS#1swxYwYdS)Nwb)rnr writelines)linesr}s r _write_cagefs_mp_linesrs  $ ' '#1||E""##################s 8<<ct}tjdtjtj|fzfd|D}t ||rtjtdgdSdS)z Remove mount points matching given path from cagefs.mp file :param str path: Path that should be removed from file. :param bool remount_cagefs: Remount cagefs skeleton or not :return: Nothing s^[%s]?%s(,\d+)?$c3FK|]}||VdSr)match)rbliners r rdz*remove_mount_dir_cagefs.. s2LLaggdmmLLLLLLLrrkN) r~recompilerrKescaperrlrmrT)r+rurlines_with_excluded_pathrs @r remove_mount_dir_cagefsrs ! " "E  8")D//JJ  A MLLLLLL3444;9:::::;;r)rVNN)rVNNrT)T)r%rrlrrT ExceptionrrrUr^ryr~rrrrr rs ,&     y   ggggggggT*** ' ' ' '&    VVVVr ### ;;;;;;r